Server Security Software: Enter Acunetix!

In an age where cyber security data breaches are constantly in the news, regulatory and compliance landscapes are continuously evolving, and end users are demanding more privacy and security around their sensitive data, the days of just setting and forgetting firewalls, anti-malware and similar endpoint security long gone.

Whether you’re tasked with defending a small business, a data center, or a cloud-based virtual environments, you unquestionably should be thinking about hardening your web application’s security posture. Hardened web applications reduce attack surface and can be achieved by continuously testing web application controls, web services and network-level server protections against an onslaught of constantly evolving attacks.

This is where Acunetix fits in. Acunetix is a website security testing tool which automatically tests the security posture of your web applications, as well as any server security misconfigurations. Acunetix allows you to assess web application, and web server security by testing for thousands of vulnerabilities quickly and accurately. Acunetix achieves this by combining a re-engineered crawler and scanner with a vast array of highly tuned test cases, intelligently designed to run as fast and efficiently as possible.

Wide technology coverage

Acunetix takes technology support to the next level with best of breed JavaScript support with it’s fully automated JavaScript and browsing engine: DeepScan.

Thanks to DeepScan, Acunetix also has full support for modern Single Page Applications (SPAs) and can understand and fully test applications which rely on JavaScript frameworks like React, Angular, Ember and Vue. This means Acunetix can scan everything from legacy web applications developed on traditional stacks, as well as modern web apps taking advantage of all the latest and greatest technologies.

While some attacks may be detectable by information security software such as Intrusion Detection Systems (IDS) and Web Application Firewalls (WAF), these technologies are not able to stop client-side attacks such as DOM-based XSS (DOM XSS) and Blind SQL Injection. With its DeepScan technology, Acunetix can combat this blind spot by detecting hard to find DOM XSS vulnerabilities together with other forms of cross-site scripting which would otherwise be invisible to the majority of server security software.

In addition, Acunetix can also detect Out of Band (OOB) vulnerabilities through it’s AcuMonitor technology, which would otherwise be impossible to detect using only server security software. With AcuMonitor, vulnerabilities may be out of band, but not out of sight.

Unrivaled speed and accuracy

Web application security scans are typically known for being slow. Acunetix is set to change that. With a re-engineered crawler and scanner, Acunetix is up to twice as fast as it’s previous versions, and is by far the fastest web security scanner on the market.

Speed however, doesn’t mean much without accuracy. Acunetix consistently outperforms other web application scanners in independent third-party comparisons and benchmarks such as WAVSEP and WIVET. With such a low false positive and false negative rate, forget about wasting time weeding through alerts trying to figure out if they’re real vulnerabilities or not, as is typical with most other server security software.

Additionally, Acunetix also provides AcuSensor, an optional sensor for Java, ASP.NET and PHP applications that is deployed on the server-side to further increase accuracy during scans.

What’s more, in Acunetix it’s possible to throttle the speed at which a scan runs, ensuring that it’s still possible to scan web applications which are protected by server security software such as WAFs or IDSs.

Moreover, you can also schedule scans to run at specific times of a day, week or month, or even define you own custom schedule. Alternatively, you may also run scans on a continuous basis with Acunetix only running a quick scan every day of the week, with a full scan run once a week. This ensures that any new vulnerabilities that may have been introduced in-between full scans get picked up by Acunetix immediately.

We utilize Acunetix to more thoroughly assess internet-facing websites and servers. Acunetix helps us identify vulnerabilities in conjunction with other vulnerability scanning applications. Acunetix has been a more reliable application when discovering / determining different types of malicious code injection vulnerabilities (SQL, HTML, CGI, etc).